Posted
by
kdawson
on Friday September 18, 2009 @08:10AM
from the it's-my-football dept.

alphadogg writes 'Microsoft's new CodePlex Foundation has serious flaws to correct if it wants to become a credible force in the open source industry, and attract a diverse collection of developers and participants, according to an expert in forming consortia and foundations. Andy Updegrove, a lawyer and founder of ConsortiumInfo.org, says Microsoft has created with CodePlex a rigid foundation that has almost no wiggle room and a poorly crafted governance structure that concentrates authority at the top and leaves little power to others who might join the foundation.' Here is Andy's detailed analysis of CodePlex's structure: "Over the past 22 years, I've helped structure scores of open, consensus based consortia and foundations, and represented over 100 in all... In this blog entry, I'll show where I think the legal and governance structure of CodePlex has wandered off the open path, and offer specific recommendations for how the structure could be changed to give people (other than Microsoft business partners) confidence that CodePlex will be an organization worth joining."

I think it needs less Microsoft or better, none at all. It blatantly obvious this is a mere publicity stunt. The bylaws arent accidentally about giving all control to Microsoft.

The only good thing at all is that it puts Miguel de Icaza on Microsofts side so that people easier understand where his loyalty really lies. The discussions about Mono and abolishing it from distributions should get easier now.

There is the little matter of potential patent time bombs. I won't use Mono for that reason alone. I have absolutely no faith in Microsoft's largesse, or in the moles like Icaza who seem hell bent on selling everyone up the river.

"There is the little matter of potential patent time bombs. I won't use Mono for that reason alone. I have absolutely no faith in Microsoft's largesse, or in the moles like Icaza who seem hell bent on selling everyone up the river."

Amen. I always like to say when someone defends Mono for being an ECMA standard: "Standardization does not mean indemnification." The worst a standards organization could do to Microsoft for patent trolling.NET through Mono would be to abolish the standard, something I imagine wouldn't even remotely bother Microsoft at that point.

As for de Icaza, it should have been blatantly obvious that he was a traitor when he:

- Applied for a job at Microsoft. I don't know how he responded to being rejected, assuming he actually was rejected.

- Actually wanted to bring.NET to Linux despite the fact that very few developers saw real value in it. Notice how few big projects outside of his umbrella actually use Mono or even want to use Mono. Note also that the only Mono-using apps I've seen on Linux are aimed directly at GNOME, de Icaza's little "love child."

- I think a real red flag should have been raised when he started calling OOXML "superb" and blindly thinking it was being "FUD'd." I doubt he ever actually read the standard.

To me, CodePlex is just abother ploy on MS's part to try to control code. That's also why I think they were so unusually interested in proliferating Mono with de Icaza.

It's nothing to do with moral or immoral, but with not trusting Microsoft (and is there any reason to trust Microsoft) and not wanting to become beholden anywhere along the development to them directly or indirectly. There are enough other ways to achieve platform independence that Mono does not need to enter the equation.

If you have faith in Microsoft's promises, then go to it. But until Microsoft releases the.Net technologies fully through legitimate open source licenses so that there is neither potential encumbrance and the technology truly becomes platform-independent, count me out. Microsoft has enough leverage in the development business without my silly little projects adding to it.

I think that's a good attitude though. MS isn't known for telling the whole truth. ECMA has a code of conduct for Standards they approve. It mostly covers Patents. Bottom line is a standard with patents cannot be approved if it can't be licensed on a reasonable, non-discriminatory basis.

I don't think MS should have to release any of their.Net stuff with an open source license. Not yet anyways. Remember how it happened with Java [wikipedia.org]? What started as closed ended up open.

Then release the standard unencumbered. IF a promise is as good as simply letting it out there, then letting it out there is preferable.

On one level (technological) there's simply no reason to pick Mono over other platform-neutral methods. On another level, just having a promise, no matter how much you think the legal system will protect you, ain't good enough for me. Microsoft has demonstrated time and time again just how untrustworthy it is, and the Novell deal which turncoats like Icaza hide under dem

"...a poorly crafted governance structure that concentrates authority at the top and leaves little power to others who might join the foundation."
Doesn't look like it captures the OSS development spirit, to me...

It reads more as a consortium of Software companies.....except software companies do not give each other their source code, so the only contributor will only ever be Microsoft...

It's entire system appears to be that it is OpenSource for people who do not want, like, or understand OpenSource.... and it appears they want to achieve this by not being OpenSource.... however this already exists and does not need a foundation....

But it almost perfectly captures Microsoft's view on the software market.

That's true but it also shows a pretty significant shift in their view of the software market. Previously their public support has been against nearly any form of open source.

I think there is a big difference between open management or open development (on a project level) and open source code projects. I don't Microsoft's management philosophy will ever align to the FSF ideas of open development, but that doesn't necessarily invalidate their contribution. I think this is an important step because before

That's probably because it isn't supposed to. It's supposed to allow Microsoft and any other companies who sign on to support it the ability to say "We like open source. We're spending eleventy-billion dollars on supporting an independent open source foundation." By calling it "open source" even if it's not, it succeeds at its PR purpose.

Remember the Halloween Documents [catb.org]? I don't think we have any reason to think that Microsoft has suddenly decided that they should become the next Red Hat.

For all its inherent Redmond-flavoured lameness, Codeplex is at least an open source site. From their FAQ [codeplex.com]:

What licenses does CodePlex support?

Project coordinators can select from a list of the following OSI licenses: Apache License 2.0, Common Development and Distribution License (CDDL), Eclipse Public License (EPL), GNU General Public License (GPL) v2, GNU Library General Public License (LGPL), Microsoft Public License (Ms-PL), Microsoft Reciprocal License (Ms-RL), Mozilla Public License 1.1 (MPL), New

That's _even more_ troubling. They're creating a software ecosystem that satisfies the definition of open source, but at same time is completely separate and incompatible with the existing open source ecosystem, because it's based on proprietary Microsoft technologies. Just check how many projects on Codeplex depend on WPF, MS Office, or other MS software.

No one has ever asked for GPL v3. It's FSF's vista. Well, that and hurd.

Yeah you seem to know a lot about GPL. How is that slashdot summary reading as your only source of information going for you? And in contrast to your shitty Vista example, GPLv2 code will never be forced to migrate to GPLv3. Different licenses for different purposes.

"...a poorly crafted governance structure that concentrates authority at the top and leaves little power to others who might join the foundation."
Doesn't look like it captures the OSS development spirit, to me...

The article is well-thought and well written. Though Andy uses longer, politer phrases to beat around the bush, M$ Code Pox, is a scam and misrepresentation. Even though we're not surprised by that behavior from M$ and its minions, we shouldn't put up with it. After all, ten years ago tech people laughed at M$, M$ products, M$ users and M$ boosters. however, they did nothing to stop the spread and now look at the big cleanup job before us.

The reason people buy MS products has nothing to do with a conspiracy theory. MS makes good products. You have to admit that Office is a pretty amazing application, and I know first hand that SharePoint has been a godsend to many organizations.

No I would never admit to such nonsense. You can't just throw it out there as if it was some sort of de facto. Some people buy MS products because they consider it good, but most people buy it because they don't have (or know that they have) a choice (except joining the third reich of Apple) which tend to cost much more than PCs with Windows.

The last time I looked, there were something like 230 million paid users of MS Office, and another 200 million illegal copies of MS Office floating around peoples desktops. Globally there have been (approximately) 135 million downloads of OpenOffice. You can't say that OO is totally unknown if it's got a fanbase exceed the 100M mark.
Still that's just HALF of the number of pirated copies of MS Office. If MS Office was garbage then why would so many people be going out of their way to steal it when free or other alternatives exist?

You're completely ignoring that Office is an industry standard with proprietary formats leaving any company wanting to migrate in some form of trouble when exchanging documents with others. I happen to work within such a company (20k employees worldwide) and we use OOo as much as possible, and by as much as possible I mean for users that exchange documents internally only.

Now some anecdotale stuff, which you'll just have to take my word for. I've personally seen businesses running Novell and Domino (not at the same time, obviously) backends AND MS SharePoint. Novell makes a SharePoint connector for petes sake! So, if it's all about borging the masses, why has SharePoint become the most popular document management system on the planet? Are we all borged, or is there something that the market likes about SharePoint?

Look, I don't intend to flamebait here, but your word, not to mention as an AC, is worth as much as molded horse shit. You want to change

Because I'm sure my Linux on [insert device here] port will look just fine on CodePlex.

Hmm. MS's recommended migration path from Visual FoxPro is to.NET and SQL Server. I wrote a tool [sourceforge.net] to simplify migration of VFP databases to PostgreSQL instead. Wonder if they'd like to host it for me?

Hmm. MS's recommended migration path from Visual FoxPro is to.NET and SQL Server. I wrote a tool to simplify migration of VFP databases to PostgreSQL instead. Wonder if they'd like to host it for me?

Sure, why not? They host a RedHat-based Linux distro [codeplex.com] on CodePlex, I don't know how you could possibly go beyond that.

In general, all you need to know is written in EULA (and this specific sentence is also quoted on CodePlex front page):

"Microsoft does not control, review, revise, endorse or distribute third-party Submissions. Microsoft is hosting the CodePlex site solely as a web storage site as a service to the developer community."

Actually, my project's under GPLv3 so they won't host it. I guess MS doesn't like the extra patent protections.

I doubt it, since Ms-PL [opensource.org] itself includes a patent clause:

Patent Grant- Subject to the terms of this license, including the license conditions and limitations in section 3, each contributor grants you a non-exclusive, worldwide, royalty-free license under its licensed patents to make, have made, use, sell, offer for sale, import, and/or otherwise dispose of its contribution in the software or derivative works of the contribution in the software.

And a patent nuke clause:

If you bring a patent claim against any contributor over patents that you claim are infringed by the software, your patent license from such contributor to the software ends automatically.

If they contributed to your project under Ms-PL and then sued you over patents for that code, then they have no legal standing because by contributing under that license, they made a patent grant already. A problem is there only if your own part of code (not the code they contributed) infringes on their patent. In which case, yes, it works the way you describe.

In practice, the first scenario is far more important, since this is the usual tactics of hijacking GPLv2 projects by "patent poisoning" them. The se

Well, the GPLv3 takes care about both scenarios as far as possible given the current legal settings. Why would you as an individual software developer who does not own any software patents choose the Ms-PL if it only protects your patents but not your contributed code?

A: In my view, itâ(TM)s bad, because it means that the Board of Directors not only has complete control, but the Board is also self-perpetuating (i.e., the directors elect their own successors). Moreover, there are no term limits on how long a Board member can serve. In this kind of organization, the Board is not answerable to the participants, and the participants have no say or control at all over how the organization is managed or evolves.

The author of the article points out that Microsoft has created a self-controlling organization without industry partners and given it complete control of itself. The implication is that CodePlex will fail because participants will be backed into a corner if they want to do anything that the Board of Directors opposes. It seems like the term "Microsoft Open Source" is still an oxymoron.

They are entirely founded. Microsoft is a public corporation which is required to make money for its shareholders. It doesn't say anything about doing anything to benefit the common good, though it is allowed if the shareholders also benefit financially.

Mono WOULD be the death of Linux if serious amounts of serious developers actually uses it. So far the biggest app I've seen Mono implemented on in Linux is Banshee. Hardly a boon to the intended purpose of Mono to kill Linux through wrecking its reputation or bring it down with patent traps.

I trust that, in general, the Linux development community isnt trusting Mono, or at least simply sees no point in using it.

Sounds to me like they're fixing the number one problem in FOSS. Lack of direction and management is what leaves open source software so unpolished compared to it's corporate "competition".
"governance structure that concentrates authority at the top"

There's a big difference between guidance/oversight/direction and domination. Freedom to innovate and design is part of the power and attraction of open source software. As far as polish is concerned, MS and other corporate software vendors have proved over and over that you can put a high polish on a turd (MS Bob, Clippy, Win ME, Vista, etc.) and at the end you still have nothing but a finely polished turd.

The software world, particularly MS customers, owes a debt of thanks to open source software for

You know, I really wonder why MS even bothers getting into open source.

If Microsoft tries to get into open source, it's seen as a move to stranglehold OSS Development and software.

If Microsoft closes the door and goes completely proprietary, it's seen as a move to stranglehold OSS Development and software.

Ballmer should say screw it and just go back to the 90's and steamroll all over the competition. If the government gets involved, split all the divisions into separate companies, get them all to join some consortium group, and keep on steamrolling away.

"Ballmer should say screw it and just go back to the 90's and steamroll all over the competition."

Hi there, where have you been since the 90's ? Rest assured you have missed much much steamrolling while you were gone. The whole OOXML debacle is something you really should catch up on, with all the bribes, stacking of panels and other fun stuff. Also take a look at how Microsofts totally dumped the price on Windows for netbooks to kill off any continued linux adoption. Why not look into how an ASUS represent

Shockingly, if you time and time again fuck people over, they stop putting so much trust in you.

Microsoft releases a driver for Linux under the GPL and spins it as them working towards accepting open source more. Except it doesn't really help anyone but them. And later it turns out that they were only doing so because they were breaking the GPL. And then later that the code was shit and has taken a bunch of effort to get into decent shape and they've been completely ignoring emails on the subject.

Microsoft puts C# and the CLI under the "Microsoft Community Promise" and trumpets as it being a win for interoperability and open source. Except it only covers the core standardized parts. All the libraries specific to Microsoft's implementation that are widely used aren't included. As a result it basically only makes it easier to move from other implementations to theirs, and not the other way around, and the only one who wins is Microsoft.

Microsoft works towards standardizing the new format for the new version of Office, and yet again plays up the interoperability aspects. Except the standard is a bloated mess, poorly defines things, in many cases says "just do it like that other program did" and doesn't specify what that means, and is in general just shit. It's nigh-impossible for anyone but them to properly implement. It replicates an existing standard, a better one, for no purpose beyond continued lock-in. Even Office doesn't properly support it and won't until the next version. It has myriad serious problems [wikipedia.org] with its standardization process.

Is it really a surprise that people don't trust them when they're constantly doing things like that? If they made a serious effort, they could win most people over, but they so far haven't. And even if they do eventually do so, it'll be entirely reasonable for people to be cautious at first, because they have an extensive and still growing history of being deceptive with this sort of thing.

Except it doesn't really help anyone but them. And later it turns out that they were only doing so because they were breaking the GPL. And then later that the code was shit and has taken a bunch of effort to get into decent shape and they've been completely ignoring emails on the subject.

Microsoft puts C# and the CLI under the "Microsoft Community Promise" and trumpets as it being a win for interoperability and open source. Except it only covers the core standardized parts. All the libraries specific to Microsoft's implementation that are widely used aren't included. As a result it basically only makes it easier to move from other implementations to theirs, and not the other way around, and the only one who wins is Microsoft.

It's still better than some other industry-standard languages such as, I dunno, C and C++. Show me their standardized network, threading, GUI libraries please? When did an open-source Java become useable: before or after Microsoft came with open-source C#?

Now I hate Microsoft as much as the next slashdotter, but let's be pragmatic please. Microsoft isn't Bill Gates, it's a th

When did an open-source Java become useable: before or after Microsoft came with open-source C#?

Well, a published standard and a half-hearted covenant not to sue isn't really equivalent in my book to releasing the source code under an OSI approved licence, which I don't believe they've done as yet. And Mono doesn't really count, not being Microsoft's code to release. Unless you know something about Miguel that the rest of us don't.

Just like most other companies contributing drivers to the kernel through Greg K-H's Linux Driver Project, as Greg points out himself

Specifically, it says this:

Now, on one hand this is no different from any other company that I have worked with through the driver project. We are averaging about 2 new companies a month right now, working with them to get their code cleaned up and merged into the Linux kernel tree. Stuff like this happens all the time with new companies becoming part of the Linux kernel comm

I think a better question than 'Why bother' would be 'could they at least bother?'.Your theory that FOSS developers may not like MS trying to get more open source with confidence may be true or not, who knows? But we may never know... Since so far MS has not even tried to do so...

I mean seriously, what the hell is this? It looks like some attempt to make OS more patent friendly. Honestly, patents and open source mix just as well as a clown and the pope.

That's because Bill was in charge of the company longer and presided over most of its history and that of Windows. While Ballmer has been CEO, all MS have released OS wise is XP, the various Windows Server OSes and Vista.

First, keep in mind, the provisional board of the CodePlex Foundation is only half Microsoft, and they have a mandate to setup a new board within a certain time frame.
Second, they've also said the default license will actually be the Modified BSD license, so none of that untrusted MS-PL stuff going on.
Thirdly, I've caught word from the inside that one of the effects this could have will be Microsoft employees being allowed to use open-source software internally, along with the ability to contribute to s

Thirdly, I've caught word from the inside that one of the effects this could have will be Microsoft employees being allowed to use open-source software internally, along with the ability to contribute to said projects under this CodePlex Foundation.

Sorry for being sceptical, but how does a new forge relate to MS employees being allowed to use and improve existing open source programs -- ones that have zero incentive to move to codeplex? And even if it did, why should that affect how the OS community looks a

word from the inside that one of the effects this could have will be Microsoft employees being allowed to use open-source software internally, along with the ability to contribute to said projects under this CodePlex Foundation

The whole reason d'atre of The CodePlex Foundation is that it isn't the Free Software Foundation or the Open Inventions Network. Microsoft could have just have easily one of these or similar organizations. But then again they wouldn't be so easy to control - which is the whole point of the exercise. Pollute, extend and embrace Microsoft control of 'open source', and by extension Open Standards. And here's what one of the current members of the board of TCF has to say about his time at the FSF.

"I hope that I can last more on this foundation than I lasted at the FSF, where I was removed by RMS after refusing to be an active part of the campaign to rename Linux as GNU/Linux", Miguel de Icaza

Meh , you would wonder if Icaza is intentionally misleading or just clueless. He is a capable developer so I'll pick the former. There is no campaign to rename 'Linux' into GNU/Linux, but a campaign to actually name the OS completely. Linux does not do any code compilation, Linux is not a shell, etc. Miguel Icaza should know better what a kernel is and what it isn't.

It is fair to argue that "Linux" is the defacto name of the whole OS, but Icaza shouldn't be claiming that GNU/Linux is an attempt to rename L

Meh , you would wonder if Icaza is intentionally misleading or just clueless. He is a capable developer so I'll pick the former. There is no campaign to rename 'Linux' into GNU/Linux, but a campaign to actually name the OS completely. Linux does not do any code compilation, Linux is not a shell, etc. Miguel Icaza should know better what a kernel is and what it isn't.

It is fair to argue that "Linux" is the defacto name of the whole OS, but Icaza shouldn't be claiming that GNU/Linux is an attempt to rename Linux... It is just an attempt to give credit to GNU for the tools that make the kernel actually usable. People calling the OS GNU/Linux, have not changed the kernel's name. I would have no qualms if Icaza simply said that it was an attempt to give GNU more credit than it deserved, I guess it is arguable. But to call it an attempt to rename Linux is simply misleading, and that's the problem . Icaza lately has been playing too much for the other side, so I am not even sure anymore if he is being intentionally misleading or if it was just a honest mistake from his part.

You know the biggest problem RMS has is either his ego or his faith in humanity. Anybody who gives a shit already knows that Linux is accompanied generally by a GNU environment. Why complicate things even more for the dimwhits? It wouldn't make a difference other than cause confusion for that majority of people who wouldn't care in the end, just to gain recognition or for the sole principle of it. RMS does a lot of good for the FOSS community, no doubt, and his function remains to be the extremist whom push

There is no campaign to rename 'Linux' into GNU/Linux, but a campaign to actually name the OS completely. Linux does not do any code compilation, Linux is not a shell, etc. Miguel Icaza should know better what a kernel is and what it isn't.

Please stop representing Stallmanite mind control as logic.

Just because you believe whatever divisive, deliberately attention-seeking and controversial canard your Leader has generated this month, that doesn't mean that the rest of us consider it sane.

Stallman wants two things.

a) Narcissistic supply, to be worshipped as God, and to be the centre of attention on a continual basis.b) Control of as many other people as humanly possible, which basically follows on from a).

They're not what defines the operating system. They're not drivers, they're not modules, and they're not the kernel. Ubuntu's not an OS, it's a system distribution, and it's not "derived" from GNU since there was never a GNU distribution. They're important, yes, but not important enough to call a Linux distribution a GNU distribution. It's Stallman taking credit where credit isn't due.

There's no GNU code in the operating system layer. ITS ALL USERSPACE. You didn't name a single fucking thing that runs in kernel mode. It's all Linux drivers and modules and the kernel itself. The operating system layer is ONLY that which runs in kernel mode that manages or helps manage processes, hardware, and resources. NO GNU SOFTWARE USED IN A LINUX DISTRIBUTION FITS THIS CRITERIA! The operating system inherits the name of the kernel, not the userspace tools that sit in the operating environment layer o

2. The distribution was created by someone who is not the GNU project.

3. There needs to be a lot more than just userspace tools and shells for something to automagically become GNU, no matter how "important" they are. There's lots of BSD tools in Linux, too, ans we're not calling it GNU/BSD/Linux. Then there's a shitton of Xorg tools, too. It's no more important than any other "important" part of a distribut

(Yggdrasil was the first distro to do that - they called the whole OS LGX - Linux/GNU/X - I guess that flattered Stallman's ego enough to keep the first two letters and swap them so the core of the OS suddenly became less important than a bunch of utilities - let's face it, Apple and the *BSDs use gcc, so it,s most certainly what deserves GNU in the name)

GNU is not essential and can and has been in the past replaced by BSD and Plan 9 by individual efforts. It's not an OS. I can get any shell I want, I know of at least 4 libc, 5 compilers and 4 userland utilities sets I could swap for GNU - besides, the original tools in Linux were not GNU but GNU forks made because they couldn't give a fuck about micros.

"We want to be more responsive to your needs," said Sam Ramji of Microsoft during a Linux Foundation Collaboration Summit panel this week as he wiped rotten tomatoes off his suit.

"We want all open source innovation to happen on Windows. In practice, Windows is too slow, and just putting Linux underneath the same software stack triples performance. So we're running the Windows versions of the software on Linux using Wine. We'll al

The CodePlex Foundation = Phase One Embrace and Extend Attempt, in terms of the whole FOSS foundation model.

With this, I suspect Microsoft are making one final, last ditch effort to kill FOSS. I'm not sure how exactly, yet; but past experience says they first try and exactly mimic whatever they want to destroy, then get everyone addicted to their mimicry, then "extend" said mimicry to generate lock-in, and then finally destroy said mimicry after the original is also dead.

Not only that, but why put what appears to be a boardroom discussion on your blog unless Microsoft's made it clear they won't play ball. Sounds like "It's a Trap!" which now has a big glowing neon sign over the top of it.

Since when is the Apple app store about open source? It's not, therefore it's irrelevant. The "crime" here isn't that authoritarian software vendors exist. Apple has zero to do with this, except your desire to bash people. Bash all you want, I really don't care, but at least try to have a logical basis for your attack, or else you look frikkin' stupid.

The "crime", if you want to call it that, is that after years of scuzzball tactics, FUD, lawsuits, smears, and namecalling ("linux is a cancer"... rem

The "crime", if you want to call it that, is that after years of scuzzball tactics, FUD, lawsuits, smears, and namecalling ("linux is a cancer"... remember that?), a true blue, died-in-the-wool authoritarian software vendor is posing as a "look-at-me-I'm-hip-now" open source software vendor, likely while trying to find yet another way to screw the real open source community. Judging by the way they structured their "open source" (to use the term veeeerrryy loosely) initiative, they seem to think that open source means "will do what we tell them for free", proving that they still don't get it.

RICO [usdoj.gov] should cover most of M$ business models, past and present.

While you're at it, add up the total damage from the Windows malware per quarter. It's got the late Osama Bin Laden beat, hands down. There may well be a business case for air strikes against Redmond. Obviously that would be preceded by naval bombardment and followed by after-action mop up by ground units.